Microsoft's lax security blasted by investigators after serious breach

Cascade of failings allowed Chinese hackers to access government emails, says US review board

John Leonard
clock • 3 min read
Microsoft's lax security blasted by investigators after serious breach

A damning report by the US Cyber Safety Review Board (CSRB), has revealed a "cascade of errors and security failures" at Microsoft which allowed a major breach of its systems last year.

The attack, which took place in summer 2023, saw China-linked threat actor Storm-0558 access the Microsoft Exchange Online mailboxes of 22 organisations and more than 500 individuals, including sev...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
CISA issues emergency order on Microsoft breach by Russian hackers

Threats and Risks

Affected bodies must take immediate action, agency says

clock 12 April 2024 • 2 min read
Two zero-days fixed in Microsoft's Patch Tuesday update

Security

But no Exchange fixes this month

clock 10 April 2024 • 3 min read
 Microsoft announces new London AI hub

Corporate

New hub is part of ongoing £2.5bn investment in UK

clock 08 April 2024 • 3 min read

More on Security

Interview: Sharp UK, Security Excellence Awards finalist

Interview: Sharp UK, Security Excellence Awards finalist

'We make technology easy by listening, taking the time to understand our clients, and creating seamless solutions that work'

Computing Staff
clock 12 April 2024 • 4 min read
Interview: LRQA Nettitude, Security Excellence Awards finalist

Interview: LRQA Nettitude, Security Excellence Awards finalist

'We are the only cybersecurity team in the world with a full suite of CREST accreditations'

Computing Staff
clock 11 April 2024 • 4 min read
Interview: Nationwide Building Society, Security Excellence Awards finalist

Interview: Nationwide Building Society, Security Excellence Awards finalist

'Working hard on cyber and wider operational resilience means that whatever happens we can be increasingly confident of being there for our customers when they need us'

Computing Staff
clock 10 April 2024 • 3 min read